Feature/secret fix

Dockerfile

@@ -1,18 +1,18 @@
-FROM adoptopenjdk/openjdk11:jdk-11.0.6_10-alpine-slim as builder
+FROM eclipse-temurin:17.0.6_10-jdk-focal as builder
 WORKDIR /usr/src/app
 ADD . .
 RUN ./mvnw package -Dmaven.test.skip=true
 
 #####################################################
 
-FROM adoptopenjdk/openjdk11:jre-11.0.6_10-alpine
+FROM eclipse-temurin:17.0.6_10-jre-focal
 COPY --from=builder /usr/src/app/target/ego-*-exec.jar /usr/bin/ego.jar
 ENV EGO_USER ego
 ENV EGO_USER_ID 9999
 ENV EGO_GROUP_ID 9999
 ENV EGO_DIR /target
-RUN addgroup -S -g $EGO_GROUP_ID $EGO_USER \
-    && adduser -S -u $EGO_USER_ID -G $EGO_USER $EGO_USER  \
+RUN addgroup --system --gid $EGO_GROUP_ID $EGO_USER \
+    && adduser --system --uid $EGO_USER_ID --ingroup $EGO_USER $EGO_USER  \
     && mkdir -p $EGO_DIR \
     && chown -R $EGO_USER $EGO_DIR 
 USER $EGO_USER_ID

Jenkinsfile

@@ -12,10 +12,10 @@ spec:
   - name: maven
     command: ['cat']
     tty: true
-    image: maven:3.6.3-openjdk-11
+    image: maven:3.8.5-openjdk-17
   - name: jdk
     tty: true
-    image: adoptopenjdk/openjdk11:jdk-11.0.7_10-alpine-slim
+    image: eclipse-temurin:17.0.6_10-jdk-focal
     env:
       - name: DOCKER_HOST
         value: tcp://localhost:2375

pom.xml

@@ -13,16 +13,17 @@
     <parent>
         <groupId>org.springframework.boot</groupId>
         <artifactId>spring-boot-starter-parent</artifactId>
-        <version>2.5.12</version>
+        <version>3.0.5</version>
         <relativePath/> <!-- lookup parent from repository -->
     </parent>
-
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
         <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-        <java.version>11</java.version>
+        <java.version>17</java.version>
         <mapstruct.version>1.2.0.Final</mapstruct.version>
-        <grpc.version>1.34.1</grpc.version>
+        <grpc.version>1.54.0</grpc.version><!-- WIP -->
+        <!-- Spring security version compatible with Spring boot 3.0.x -->
+        <spring-security.version>6.0.3</spring-security.version>
     </properties>
 
     <dependencies>
@@ -34,6 +35,14 @@
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-actuator</artifactId>
         </dependency>
+
+        <!-- Moving authorization-server before of starter-security to solve conflicts with JwtEncoder, V1.x compatible with Spring boot 3.0.x -->
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-oauth2-authorization-server</artifactId>
+            <version>1.0.1</version>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
@@ -52,8 +61,8 @@
 
         <dependency>
             <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-oauth2-authorization-server</artifactId>
-            <version>0.2.1</version>
+            <artifactId>spring-security-oauth2-client</artifactId>
+            <version>6.0.3</version>
         </dependency>
 
         <dependency>
@@ -68,27 +77,15 @@
         <dependency>
             <groupId>org.projectlombok</groupId>
             <artifactId>lombok</artifactId>
-            <version>1.18.16</version>
+            <!-- compatible with JDK17 -->
+            <version>1.18.22</version>
             <optional>true</optional>
         </dependency>
-
+        <!-- API documentation. replacement of springfox-swagger2, compatible with Springboot 3.x -->
         <dependency>
-            <groupId>io.springfox</groupId>
-            <artifactId>springfox-swagger2</artifactId>
-            <version>2.9.2</version>
-            <scope>compile</scope>
-            <exclusions>
-                <exclusion>
-                    <groupId>org.mapstruct</groupId>
-                    <artifactId>mapstruct</artifactId>
-                </exclusion>
-            </exclusions>
-        </dependency>
-        <dependency>
-            <groupId>io.springfox</groupId>
-            <artifactId>springfox-swagger-ui</artifactId>
-            <version>2.9.2</version>
-            <scope>compile</scope>
+            <groupId>org.springdoc</groupId>
+            <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
+            <version>2.1.0</version>
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -135,25 +132,25 @@
         <!-- https://vladmihalcea.com/the-best-way-to-map-an-enum-type-with-jpa-and-hibernate/ -->
         <dependency>
             <groupId>com.vladmihalcea</groupId>
-            <artifactId>hibernate-types-52</artifactId>
-            <version>2.2.2</version>
+            <artifactId>hibernate-types-60</artifactId>
+            <version>2.21.1</version>
         </dependency>
 
         <!-- TestContainers (for testing) -->
         <dependency>
             <groupId>org.testcontainers</groupId>
             <artifactId>testcontainers</artifactId>
-            <version>1.15.1</version>
+            <version>1.18.0</version>
         </dependency>
         <dependency>
             <groupId>org.testcontainers</groupId>
             <artifactId>jdbc</artifactId>
-            <version>1.15.1</version>
+            <version>1.18.0</version>
         </dependency>
         <dependency>
             <groupId>org.testcontainers</groupId>
             <artifactId>postgresql</artifactId>
-            <version>1.15.1</version>
+            <version>1.18.0</version>
         </dependency>
         <dependency>
             <groupId>commons-io</groupId>
@@ -166,11 +163,11 @@
             <version>2.6</version>
         </dependency>
 
-        <!-- Flyway, for testcontainers -->
+        <!-- Flyway, for testcontainers V9 compatible with SpringBoot 3 -->
         <dependency>
             <groupId>org.flywaydb</groupId>
             <artifactId>flyway-core</artifactId>
-            <version>5.2.4</version>
+            <version>9.16.3</version>
         </dependency>
 
 
@@ -243,6 +240,11 @@
             <artifactId>spring-cloud-starter-vault-config</artifactId>
             <version>2.1.2.RELEASE</version>
         </dependency>
+            <dependency>
+                <groupId>org.springframework.cloud</groupId>
+                <artifactId>spring-cloud-vault-config-databases</artifactId>
+                <version>4.0.1</version>
+            </dependency>
         <dependency>
             <groupId>com.amazonaws</groupId>
             <artifactId>aws-java-sdk-core</artifactId>
@@ -304,6 +306,13 @@
             <scope>test</scope>
         </dependency>
 
+        <!-- Compatibility with Grpc proto generated annotation -->
+        <dependency>
+            <groupId>javax.annotation</groupId>
+            <artifactId>javax.annotation-api</artifactId>
+            <version>1.3.2</version>
+        </dependency>
+
         <dependency>
             <groupId>org.junit.vintage</groupId>
             <artifactId>junit-vintage-engine</artifactId>
@@ -356,7 +365,7 @@
                 <artifactId>spring-boot-maven-plugin</artifactId>
                 <configuration>
                     <classifier>exec</classifier>
-                    <fork>true</fork>
+<!--                    <fork>true</fork>-->
                 </configuration>
                 <executions>
                     <execution>
@@ -389,12 +398,16 @@
             <plugin>
                 <groupId>org.xolstice.maven.plugins</groupId>
                 <artifactId>protobuf-maven-plugin</artifactId>
-                <version>0.5.1</version>
+                <version>0.6.1</version>
                 <configuration>
-                    <protocArtifact>com.google.protobuf:protoc:3.12.0:exe:${os.detected.classifier}</protocArtifact>
+                    <!--<protocArtifact>com.google.protobuf:protoc:3.12.0:exe:${os.detected.classifier}</protocArtifact>-->
+                    <!-- for Mac OS compatibility -->
+                    <protocArtifact>com.google.protobuf:protoc:3.21.7:exe:osx-x86_64</protocArtifact>
                     <protoSourceRoot>${basedir}/src/main/proto</protoSourceRoot>
                     <pluginId>grpc-java</pluginId>
-                    <pluginArtifact>io.grpc:protoc-gen-grpc-java:1.34.1:exe:${os.detected.classifier}</pluginArtifact>
+                    <!--<pluginArtifact>io.grpc:protoc-gen-grpc-java:1.54.0:exe:${os.detected.classifier}</pluginArtifact>-->
+                    <!-- for Mac Os compatibility -->
+                    <pluginArtifact>io.grpc:protoc-gen-grpc-java:${grpc.version}:exe:osx-x86_64</pluginArtifact>
                 </configuration>
                 <executions>
                     <execution>
@@ -434,7 +447,8 @@
             <dependency>
                 <groupId>org.springframework.cloud</groupId>
                 <artifactId>spring-cloud-dependencies</artifactId>
-                <version>2020.0.4</version>
+                <!-- version compatible with Spring boot 2.7.x -->
+                <version>2021.0.5</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>

src/main/java/bio/overture/ego/config/AppSecureServerConfig.java

@@ -0,0 +1,90 @@
+/*
+ * Copyright (c) 2017. The Ontario Institute for Cancer Research. All rights reserved.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package bio.overture.ego.config;
+
+import bio.overture.ego.security.*;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.autoconfigure.security.SecurityProperties;
+import org.springframework.context.annotation.*;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.oauth2.server.authorization.config.annotation.web.configurers.OAuth2AuthorizationServerConfigurer;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+
+@Configuration
+@EnableWebSecurity
+@Import(OAuth2ClientConfig.class)
+@Profile("auth")
+public class AppSecureServerConfig {
+
+  OAuth2AuthorizationServerConfigurer authorizationServerConfigurer =
+      new OAuth2AuthorizationServerConfigurer();
+  @Autowired JWTAuthorizationFilter authorizationFilter;
+
+  @Bean
+  @Order(SecurityProperties.BASIC_AUTH_ORDER - 6)
+  public SecurityFilterChain appFilterChain(HttpSecurity http) throws Exception {
+    return http.csrf()
+        .disable()
+        .apply(authorizationServerConfigurer)
+        .and()
+        .securityMatcher(
+            "/",
+            "/favicon.ico",
+            "/swagger-ui/**",
+            "/v3/api-docs/**",
+            "/swagger-resources/**",
+            "/configuration/ui",
+            "/configuration/**",
+            "/v2/api**",
+            "/webjars/**",
+            "/actuator/**",
+            "/o/**",
+            "/oauth/token",
+            "/oauth/token/verify",
+            "/oauth/token/public_key")
+        .authorizeRequests()
+        .requestMatchers(
+            "/",
+            "/favicon.ico",
+            "/swagger-ui/**",
+            "/v3/api-docs/**",
+            "/swagger-resources/**",
+            "/configuration/ui",
+            "/configuration/**",
+            "/v2/api**",
+            "/webjars/**",
+            "/actuator/**",
+            "/oauth/token/verify",
+            "/oauth/token/public_key")
+        .permitAll()
+        .requestMatchers(HttpMethod.OPTIONS, "/**")
+        .permitAll()
+        .anyRequest()
+        .authenticated()
+        .and()
+        .addFilterBefore(authorizationFilter, BasicAuthenticationFilter.class)
+        .sessionManagement()
+        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+        .and()
+        .build();
+  }
+}

src/main/java/bio/overture/ego/config/AuthorizationServerConfig.java

@@ -16,7 +16,7 @@
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.oauth2.jwt.JwtDecoder;
 import org.springframework.security.oauth2.jwt.NimbusJwtDecoder;
-import org.springframework.security.oauth2.server.authorization.config.ProviderSettings;
+import org.springframework.security.oauth2.server.authorization.settings.AuthorizationServerSettings;
 
 @Configuration
 public class AuthorizationServerConfig {
@@ -48,7 +48,11 @@ public JwtDecoder jwtDecoder(@Autowired TokenSigner tokenSigner) {
   }
 
   @Bean
-  public ProviderSettings providerSettings(@Value("${token.issuer}") String issuer) {
-    return ProviderSettings.builder().tokenEndpoint("/oauth/token").issuer(issuer).build();
+  public AuthorizationServerSettings providerSettings(@Value("${token.issuer}") String issuer) {
+
+    return AuthorizationServerSettings.builder()
+        .tokenEndpoint("/oauth/token")
+        .issuer(issuer)
+        .build();
   }
 }

src/main/java/bio/overture/ego/config/InitializationConfig.java

@@ -1,11 +1,11 @@
 package bio.overture.ego.config;
 
 import bio.overture.ego.model.enums.ApplicationType;
+import jakarta.validation.constraints.NotBlank;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
 import java.util.ArrayList;
 import java.util.List;
-import javax.validation.constraints.NotBlank;
-import javax.validation.constraints.NotNull;
-import javax.validation.constraints.Size;
 import lombok.AllArgsConstructor;
 import lombok.Builder;
 import lombok.Getter;